OpenSSL: how to set up an OCSP server for checking third-party certificates?
Posted by StackedCrooked on Super User
Published on 2010-04-13T13:31:25Z
Indexed on 2010/04/13 13:33 UTC
I am testing the Certificate Revocation functionality of a CMTS device. This requires me to set up an OCSP responder. Since it will only be used for testing I assume that the minimal implementation provided by OpenSSL should suffice.
I have extracted a certificate from a cable modem, copied it to my PC and converted it to the PEM format. Now I want to register it in the OpenSSL OCSP database and start a server.
I have completed all these steps, but when I do a client request my server invariably responds with "unknown". It seems to be completely unaware of my certificate's existence.
I would greatly appreciate it if anyone would be willing to have a look at my code. For your convenience, I have created a single script consisting of a sequential list of all used commands, from setting up the CA until starting the server: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/AllCommands.sh
You can also find the custom config file and the certificate that I am testing with: http://code.google.com/p/stacked-crooked/source/browse/trunk/Misc/OpenSSL/
Any help would be greatly appreciated.
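An added example, not part of the original post or the poster's script: the `openssl ocsp` responder reports "unknown" for a serial that has no line in its `-index` file (or whose issuer does not match `-CA`), and "good" once a `V` entry for that serial exists. The sketch below reproduces both answers offline for a certificate that was not issued through `openssl ca`; the CA, the certificate, the serial `0x1A2B` and all file names are constructed for the demonstration, and OpenSSL 1.1.1 or later plus GNU `date` are assumed.

```shell
#!/usr/bin/env bash
# Added example, not the poster's script; CA and certificate are constructed.
# Assumes OpenSSL 1.1.1 or later and GNU date.

# Print an index.txt line (6 tab-separated fields) for a certificate that was
# not issued through `openssl ca`. $1 = PEM certificate, $2 = subject string.
index_entry() {
  serial=$(openssl x509 -in "$1" -noout -serial | cut -d= -f2)
  end=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
  expiry=$(date -u -d "$end" +%y%m%d%H%M%SZ)
  # Fields: flag (V = valid), expiry, empty revocation date, hex serial, file, subject
  printf 'V\t%s\t\t%s\tunknown\t%s\n' "$expiry" "$serial" "$2"
}

# Run the responder offline (no -port) on a stored request; print the Cert Status.
cert_status() {
  openssl ocsp -index index.txt -CA ca.pem -rsigner ca.pem -rkey ca.key \
    -reqin req.der -resp_text 2>/dev/null | sed -n 's/^ *Cert Status: //p'
}

ocsp_index_demo() (
  d=$(mktemp -d) && cd "$d" || exit 1
  trap 'rm -rf "$d"' EXIT            # throwaway keys, removed on exit
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Constructed Test CA" -days 30 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -keyout ee.key -out ee.csr \
    -subj "/CN=constructed-modem" 2>/dev/null
  openssl x509 -req -in ee.csr -CA ca.pem -CAkey ca.key -set_serial 0x1A2B \
    -days 30 -out ee.pem 2>/dev/null
  openssl ocsp -issuer ca.pem -cert ee.pem -reqout req.der 2>/dev/null

  : > index.txt                      # empty database: the serial is not listed
  before=$(cert_status)
  index_entry ee.pem "/CN=constructed-modem" > index.txt
  after=$(cert_status)
  echo "$before $after"
)

ocsp_index_demo                      # prints: unknown good
```

Changing the leading `V` to `R` and filling the third field with a revocation timestamp in the same `YYMMDDHHMMSSZ` form makes the same request come back as "revoked".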
© Super User or respective owner